Managed Networks TLS Endpoint Not Detected

I’ve configured two+ different Managed Network TLS Endpoints:

image

And verified they are returning Status Code 200

image

image

image

image

Associated the WARP Profile with the Managed Network TLS Endpoints:

But the WARP client on the same machine isn’t assigned the correct profile:

image

image

I confirmed that WARP will apply the correct profile based on OS - but that’s not what I need to do :confused:

I have confirmed that the configured TLS Endpoint is not detected by WARP Windows, Mac, or iOS clients.

I also confirmed the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cypher suite is supported.

So, I don’t know what to do from here…

@cscharff or @ErichSimon Any suggestions?

Hey
Are you able to confirm whether the specific IP addresses for the TLS cert hosts are excluded from the split tunnel profile?

I can see that you appear to have it configured as the IP and port which is correct.
however if that network range is sent down the warp tunnel it will cause issues as the detection will not be on the local network

For the configured managed net endpoint it appears that 192.168.0.0/24 would need to be present in the exclude list or at least the specific 192.168.0.1/32 entry for the server itself.

You can try and put your diag through the checker tool I am working on:

This will most likely flag the issue if your assigned IP address is not present in the split tunnel list if the LAN network is 192.168.0.0/24

It may help in pointing out any other clear known issues.

So many thanks for the reply!

Yes, I’ve excluded 192.168.0.0/24 from the WARP profile that should be matching the Managed Network:

but my Default WARP profile includes 192.168.0.0/24…

How do I generate the diag.zip to feed into your checker tool?

Hey,
These are how you can get the diag logs:

Thank you. Unfortunately, the warp-diag-checker output appears to be corrupted?

←[38;5;39;1m←[0m←[38;5;39;1m←[0m  ←[38;5;39;1m## ←[0m←[38;5;39;1mIP Address Split Tunnel←[0m←[38;5;39;1m Check←[0m←[38;5;252m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m  ←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m
←[38;5;252m←[0m←[38;5;252m←[0m  ←[38;5;252mThe IP address assigned to the interface being used for the tunnel is not←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m←[38;5;252m←[0m  ←[38;5;252mcorrectly excluded from the split tunnel←[0m←[38;5;252m configuration. ←[0m←[38;5;252mPlease ensure this←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m←[38;5;252m←[0m  ←[38;5;252mIP address (or range) is added to the split tunnel configuration for the←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m←[38;5;252m←[0m  ←[38;5;252mwarp profile used by this←[0m←[38;5;252m device. ←[0m←[38;5;252mMore details can be found at:←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m←[38;5;30;4m←[0m←[38;5;30;4m←[0m  ←[38;5;30;4mhttps://developers.cloudflare.com/cloudflare-one/connections/connect-←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m←[38;5;30;4m←[0m  ←[38;5;30;4mapps/private-net/connect-private-networks/#3-route-private-network-ips-through-warp"←[0m
  ←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m
←[38;5;252m←[0m←[38;5;252m←[0m  ←[38;5;252mβ€’ ←[0m←[38;5;252mEvidence:←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m
  ←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m
←[38;5;251m←[0m←[38;5;252m←[0m  ←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;251mMode: (network policy)       Exclude mode, with hosts/ips:←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m←[38;5;252m←[0m  ←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;251mAssigned IP: 192.168.0.220, Not Matched in Split tunnel CIDRS ←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[38;5;252m ←[0m←[0m
←[0m

Okay, a few search and deletes later:


## mIP Address Split Tunnelm Check                                            m
                                                                            m
The IP address assigned to the interface being used for the tunnel is not   m
correctly excluded from the split tunnel configuration. Please ensure this  m
IP address (or range) is added to the split tunnel configuration for the    m
warp profile used by this device. More details can be found at:             m
https://developers.cloudflare.com/cloudflare-one/connections/connect-       m
apps/private-net/connect-private-networks/#3-route-private-network-ips-through-warp"m
                                                                              m
β€’ Evidence:                                                                 m
                                                                              m
  Mode: (network policy)	Exclude mode, with hosts/ips:                       m
  Assigned IP: 192.168.0.220, Not Matched in Split tunnel CIDRS             m
m

So…a bug?

Both the TLS Endpoint and 192.168.0.220 are within the 192.168.0.0/24 range that has been added to the Exclude IPs and Domains list.

Again, 192.168.0.0/24 is NOT excluded from my Default WARP profile but is excluded from the WARP profile that should be applied based on matching the Managed Network as identified by the TLS Endpoint.

@ErichSimon What is my next troubleshooting step?

The issue ended up being an incorrect port specification on the Managed Network TLS Endpoint. I entered ipAddr:80 when I should have entered ipAddr:443 :person_facepalming:

Additionally, upgrading a server changed its TLS certificate fingerprint.

Hope this helps.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.